Description
*** COURSE COMPLETELY REWRITTEN AND UPDATED 2019 ***Learn to use Volatility to conduct a fast-triage compromise assessment.A system's memory contains an assortment of valuable forensic data. Memory forensics can uncover evidence of compromise, malware, data spoliation and an assortment of file use and knowledge evidence - valuable skills for both incident response triage work as well as in digital forensic exams involving litigation.This class teaches students how to conduct memory forensics using Volatility.Learn how to do a fast-triage compromise assessmentLearn how to work with raw memory images, hibernation files and VM imagesLearn how to run and interpret pluginsHands-on practicals reinforce learningLearn all of this in about one hour using all freely available tools.
